Functional encryption is a powerful paradigm for public-key encryption which allows for controlled access to encrypted data. This primitive is generally impossible in the standard setting so we investigate possibilities in the bounded quantum storage model (BQSM) and the bounded classical storage model (BCSM). In these models, ciphertexts potentially disappear which nullifies impossibility results and allows us to obtain positive outcomes. Firstly, in the BQSM, we construct information-theoretically secure functional encryption with $\texttt{q}=O(\sqrt{\texttt{s}/\texttt{r}})$ where $\texttt{r}$ can be set to any value less than $\texttt{s}$. Here $\texttt{r}$ denotes the number of times that an adversary is restricted to $\texttt{s}$--qubits of quantum memory in the protocol and $\texttt{q}$ denotes the required quantum memory to run the protocol honestly. We then show that our scheme is optimal by proving that it is impossible to attain information-theoretically secure functional encryption with $\texttt{q} < \sqrt{\texttt{s}/\texttt{r}}$. However, by assuming the existence of post-quantum one-way functions, we can do far better and achieve functional encryption with classical keys and with $\texttt{q}=0$ and $\texttt{r}=1$. Secondly, in the BCSM, we construct $(O(\texttt{n}),\texttt{n}^2)$ functional encryption assuming the existence of $(\texttt{n},\texttt{n}^2)$ virtual weak grey-box obfuscation. Here, the pair $(\texttt{n},\texttt{n}^2)$ indicates the required memory to run honestly and the needed memory to break security, respectively. This memory gap is optimal and the assumption is minimal. In particular, we also construct $(O(\texttt{n}),\texttt{n}^2)$ virtual weak grey-box obfuscation assuming $(\texttt{n},\texttt{n}^2)$ functional encryption.
翻译:暂无翻译